Oracle-L: Re: Allowing users to execute shell scripts without seeing password
> I think the setuid+sticky bit is definitely the solution :)
Correcting myself: it's sticky bit + shebang:
xxx:{root}:/app/oracle> cat tmp1.sh
#!/usr/bin/ksh
date
xxx:{root}:/app/oracle> chmod 4501 tmp1.sh
xxx:{root}:/app/oracle> ls -l tmp1.sh
-r-s-----x 1 root other 20 Feb 17 23:51 tmp1.sh
xxx:{root}:/app/oracle> su - oracle
$ ls -l tmp1.sh
-r-s-----x 1 root other 20 Feb 17 23:51 tmp1.sh
$ ./tmp1.sh
Fri Feb 17 23:59:11 MET 2006
$ cat tmp1.sh
cat: cannot open tmp1.sh
Without shebang:
xxx:{root}:/app/oracle> cat tmp1.sh
#
#!/usr/bin/ksh
date
xxx:{root}:/app/oracle> su - oracle
$ ls -l tmp1.sh
-r-s-----x 1 root other 22 Feb 18 00:01 tmp1.sh
$ ./tmp1.sh
ksh: ./tmp1.sh: cannot open
$ truss tmp1.sh
..................................................
brk(0x0003A2F0) = 0
getuid() = 250 [250]
getuid() = 250 [250]
getgid() = 200 [200]
getgid() = 200 [200]
open64("./tmp1.sh", O_RDONLY) Err#13 EACCES
./tmp1.shwrite(2, " . / t m p 1 . s h", 9) = 9
: write(2, " : ", 2) = 2
./tmp1.shwrite(2, " . / t m p 1 . s h", 9) = 9
: write(2, " : ", 2) = 2
cannot openwrite(2, " c a n n o t o p e n", 11) = 11
write(2, "\n", 1) = 1
llseek(0, 0, SEEK_CUR) = 40735
_exit(1)
Dimitre
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Feb 17 2006 - 17:07:31 CST
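
For auditing a host for the pattern shown in this message (a setuid file whose first line is a `#!` interpreter line, such as the mode 4501 tmp1.sh), here is an added example that is not part of the original post. The function name `find_setuid_scripts` and its output format are assumptions, and it has to run as a user who can read the files, since mode 4501 denies read to everyone but the owner.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for
# setuid regular files that the kernel would hand to an interpreter, i.e.
# files whose very first line starts with "#!".
# find_setuid_scripts is a hypothetical helper name. Each hit is printed as
#   <mode string> <owner> <path> <interpreter line>
# Assumes paths contain no newlines.
# Usage: find_setuid_scripts /app/oracle

find_setuid_scripts() {
    dir=${1:-.}
    find "$dir" -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        if [ ! -r "$f" ]; then
            # Execute-only for the auditor: cannot inspect, flag for review.
            printf 'unreadable-setuid %s\n' "$f"
            continue
        fi
        first=
        # read returns non-zero when the only line lacks a trailing newline,
        # but still fills $first, so the status is ignored.
        IFS= read -r first < "$f" || true
        case $first in
            '#!'*)
                # Mode string and owner as ls reports them (fields 1 and 3).
                meta=$(ls -ld "$f" | awk '{print $1, $3}')
                printf '%s %s %s\n' "$meta" "$f" "$first"
                ;;
        esac
    done
}
```

A file like the second tmp1.sh in the message, where `#!` is on line 2, is not reported, because only a `#!` at the very start of the file makes it an interpreter script.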